From baf42a5876394107220050269a9aaa2e0efe3850 Mon Sep 17 00:00:00 2001 From: Arman Hasanzadeh Date: Wed, 20 Aug 2025 13:04:51 -0700 Subject: [PATCH] Add fbounds-safety annotations for `data`. Reasoning: The `data` pointer in `WebPEstimateBestFilter` is annotated with `WEBP_COUNTED_BY((size_t)height * width)`. This reflects the allocation size found by tracing the call graph back to `EncodeAlpha` (src/enc/alpha_enc.c:332), where the buffer is allocated using `WebPSafeMalloc` with a size of `width * height`. Although the function signature includes a `stride` parameter used for pointer arithmetic (`data + j * stride` at src/utils/filters_utils.c:44), the implementation implicitly assumes `stride == width` for vertical and gradient filtering logic (e.g., accesses like `p[i - width]` at line 49). The only caller (src/enc/alpha_enc.c:220) respects this assumption by passing `width` as the `stride`. Therefore, `height * width` accurately represents the required buffer size. Bug: 432511821 Change-Id: I7d308cf8dcccd7d6128a17dbc0f7b177ee9282a1 --- src/utils/filters_utils.c | 5 +++-- src/utils/filters_utils.h | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/utils/filters_utils.c b/src/utils/filters_utils.c index 39b81281..48b1606f 100644 --- a/src/utils/filters_utils.c +++ b/src/utils/filters_utils.c @@ -33,8 +33,9 @@ static WEBP_INLINE int GradientPredictor(uint8_t a, uint8_t b, uint8_t c) { return ((g & ~0xff) == 0) ? g : (g < 0) ? 0 : 255; // clip to 8bit } -WEBP_FILTER_TYPE WebPEstimateBestFilter(const uint8_t* data, int width, - int height, int stride) { +WEBP_FILTER_TYPE WebPEstimateBestFilter( + const uint8_t* WEBP_COUNTED_BY((size_t)width* height) data, int width, + int height, int stride) { int i, j; int bins[WEBP_FILTER_LAST][SMAX]; WEBP_UNSAFE_MEMSET(bins, 0, sizeof(bins)); diff --git a/src/utils/filters_utils.h b/src/utils/filters_utils.h index c1e545ae..d852c23c 100644 --- a/src/utils/filters_utils.h +++ b/src/utils/filters_utils.h @@ -25,8 +25,9 @@ extern "C" { #endif // Fast estimate of a potentially good filter. -WEBP_FILTER_TYPE WebPEstimateBestFilter(const uint8_t* data, int width, - int height, int stride); +WEBP_FILTER_TYPE WebPEstimateBestFilter( + const uint8_t* WEBP_COUNTED_BY((size_t)width* height) data, int width, + int height, int stride); #ifdef __cplusplus } // extern "C"